Re: about the wild record
于 2012-10-15 15:38, Cathy Almond 写道: On 15/10/12 05:23, pangj wrote: Hello, I have setup a wild record for cloudns.tk, the record: *.cloudns.tk. 300 IN A 209.141.54.207 And I added another A record as this: s1.test.cloudns.tk. 300 IN A 8.8.8.8 After adding this record, the record of test.cloudns.tk gets lost, it does't match the wild record anymore. dig test.cloudns.tk gets nothing. Can you help explain it? thanks in advance. It's subtle. Wildcards match where there are no labels already. By adding record s1.test.cloudns.tk, you're implicitly creating domain test.cloudns.tk. It's empty, but it exists. But I didn't define a zone test.cloudns.tk (neither NS nor soa defined for it), why this domain exists? Thanks Cathy. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: about the wild record
On Oct 15, 2012, at 3:45 AM, pangj pa...@riseup.net wrote: 于 2012-10-15 15:38, Cathy Almond 写道: On 15/10/12 05:23, pangj wrote: Hello, I have setup a wild record for cloudns.tk, the record: *.cloudns.tk. 300 IN A 209.141.54.207 And I added another A record as this: s1.test.cloudns.tk. 300 IN A 8.8.8.8 After adding this record, the record of test.cloudns.tk gets lost, it does't match the wild record anymore. dig test.cloudns.tk gets nothing. Can you help explain it? thanks in advance. It's subtle. Wildcards match where there are no labels already. By adding record s1.test.cloudns.tk, you're implicitly creating domain test.cloudns.tk. It's empty, but it exists. But I didn't define a zone test.cloudns.tk (neither NS nor soa defined for it), why this domain exists? You created s1.test.cloudns.tk -- when you did this, you automatically created test.cloudns.tk (if you had created a.b.c.d.e.cloudns.tk you would also have created e.cloudns.tk, d.e.couldns.tk, c.d.e.cloudns.tk, b.c.d.e.cloudns.tk). The DNS is basically a tree structure -- in order to have a leaf s1.test.cloudns.tk, there needs to be a branch (test.cloudns.tk) for it to hang on. By adding the s1.test.cloudns.tk leaf you also make the branch exist. There *is* in fact an SOA for test.cloud.tk: dig SOA +nocomment +nostats test.cloudns.tk ; DiG 9.9.2 SOA +nocomment +nostats test.cloudns.tk ;; global options: +cmd ;test.cloudns.tk. IN SOA cloudns.tk. 226 IN SOA ns0.cloudwebdns.com. support.cloudwebdns.com. 1048 7200 1800 604800 300 It is the SOA for clouds.tk. W Thanks Cathy. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- The duke had a mind that ticked like a clock and, like a clock, it regularly went cuckoo. -- (Terry Pratchett, Wyrd Sisters) ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: about the wild record
no SOA for test.cloudns.tk IMO. see: PromatoMacBook-Pro:~ pro$ dig test.cloudns.tk soa ; DiG 9.7.6-P1 test.cloudns.tk soa ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 60320 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;test.cloudns.tk. IN SOA ;; AUTHORITY SECTION: cloudns.tk. 300 IN SOA ns0.cloudwebdns.com. support.cloudwebdns.com. 1048 7200 1800 604800 300 ;; Query time: 860 msec ;; SERVER: 211.136.192.6#53(211.136.192.6) ;; WHEN: Mon Oct 15 21:13:04 2012 ;; MSG SIZE rcvd: 96 The SOA is presented in AUTHORITY SECTION, not in ANSWER SECTION, so it's meaningless. On Oct 15, 2012, at 3:45 AM, pangj pa...@riseup.net wrote: 于 2012-10-15 15:38, Cathy Almond 写道: On 15/10/12 05:23, pangj wrote: Hello, I have setup a wild record for cloudns.tk, the record: *.cloudns.tk. 300 IN A 209.141.54.207 And I added another A record as this: s1.test.cloudns.tk. 300 IN A 8.8.8.8 After adding this record, the record of test.cloudns.tk gets lost, it does't match the wild record anymore. dig test.cloudns.tk gets nothing. Can you help explain it? thanks in advance. It's subtle. Wildcards match where there are no labels already. By adding record s1.test.cloudns.tk, you're implicitly creating domain test.cloudns.tk. It's empty, but it exists. But I didn't define a zone test.cloudns.tk (neither NS nor soa defined for it), why this domain exists? You created s1.test.cloudns.tk -- when you did this, you automatically created test.cloudns.tk (if you had created a.b.c.d.e.cloudns.tk you would also have created e.cloudns.tk, d.e.couldns.tk, c.d.e.cloudns.tk, b.c.d.e.cloudns.tk). The DNS is basically a tree structure -- in order to have a leaf s1.test.cloudns.tk, there needs to be a branch (test.cloudns.tk) for it to hang on. By adding the s1.test.cloudns.tk leaf you also make the branch exist. There *is* in fact an SOA for test.cloud.tk: dig SOA +nocomment +nostats test.cloudns.tk ; DiG 9.9.2 SOA +nocomment +nostats test.cloudns.tk ;; global options: +cmd ;test.cloudns.tk. IN SOA cloudns.tk. 226 IN SOA ns0.cloudwebdns.com. support.cloudwebdns.com. 1048 7200 1800 604800 300 It is the SOA for clouds.tk. W Thanks Cathy. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users -- The duke had a mind that ticked like a clock and, like a clock, it regularly went cuckoo. -- (Terry Pratchett, Wyrd Sisters) ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: about the wild record
On Oct 15 2012, pa...@riseup.net wrote: no SOA for test.cloudns.tk IMO. see: PromatoMacBook-Pro:~ pro$ dig test.cloudns.tk soa ; DiG 9.7.6-P1 test.cloudns.tk soa ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 60320 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;test.cloudns.tk. IN SOA ;; AUTHORITY SECTION: cloudns.tk. 300 IN SOA ns0.cloudwebdns.com. support.cloudwebdns.com. 1048 7200 1800 604800 300 ;; Query time: 860 msec ;; SERVER: 211.136.192.6#53(211.136.192.6) ;; WHEN: Mon Oct 15 21:13:04 2012 ;; MSG SIZE rcvd: 96 The SOA is presented in AUTHORITY SECTION, not in ANSWER SECTION, so it's meaningless. Indeed, Warren's use of +nostats +ncomments to conceal that was disingenuous, to say the least. But you should notice that the above response - rcode NOERROR with an empty data section - is what RFC 2308 calls NODATA, and not an NXDOMAIN. This is because test.cloudns.tk is an empty non-terminal in the name tree within the zone, and it is that which prevents *.cloudns.tk from applying to anything under it. -- Chris Thompson Email: c...@cam.ac.uk ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: about the wild record
On Oct 15, 2012, at 12:25 PM, Chris Thompson c...@cam.ac.uk wrote: On Oct 15 2012, pa...@riseup.net wrote: no SOA for test.cloudns.tk IMO. see: PromatoMacBook-Pro:~ pro$ dig test.cloudns.tk soa ; DiG 9.7.6-P1 test.cloudns.tk soa ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 60320 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;test.cloudns.tk.IN SOA ;; AUTHORITY SECTION: cloudns.tk. 300 IN SOA ns0.cloudwebdns.com. support.cloudwebdns.com. 1048 7200 1800 604800 300 ;; Query time: 860 msec ;; SERVER: 211.136.192.6#53(211.136.192.6) ;; WHEN: Mon Oct 15 21:13:04 2012 ;; MSG SIZE rcvd: 96 The SOA is presented in AUTHORITY SECTION, not in ANSWER SECTION, so it's meaningless. Indeed, Warren's use of +nostats +ncomments to conceal that was disingenuous, to say the least. Actually the use of +nostats +nocomments was to try not include detracting info, and I completly missed where the the RR showed up... But, gee, thanks for the implication… W But you should notice that the above response - rcode NOERROR with an empty data section - is what RFC 2308 calls NODATA, and not an NXDOMAIN. This is because test.cloudns.tk is an empty non-terminal in the name tree within the zone, and it is that which prevents *.cloudns.tk from applying to anything under it. -- Chris Thompson Email: c...@cam.ac.uk -- Outside of a dog, a book is your best friend, and inside of a dog, it's too dark to read ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: about the wild record
On Oct 15, 2012, at 6:16 AM, pa...@riseup.net wrote: no SOA for test.cloudns.tk IMO. see: You have confused domain with zone. You have a zone named 'cloudns.tk.'. A zone is also a domain. Within that domain, you have the following subdomains (that you have mentioned): test.cloudns.tk. s1.test.cloudns.tk. *.cloudns.tk. All of these domain names are the apexes of domains. None of those domains are broken out (delegated) as zones (with SOA records). What everyone so far has been trying to tell you is, even though you have no records named 'test.cloudns.tk.', its existence as a domain name is implied by the existence the child, 's1.test.cloudns.tk.'. Therefore, the wildcard will not match queries for those two domain names. Nor will it match any other domain names within those two domains -- you would need A records for the following names to cover all of the names other than s1.test: test.cloudns.tk. *.test.cloudns.tk. *.s1.test.cloudns.tk. Chris Buxton BlueCat Networks ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Bind 9.7.3 Options Table
While googling for 'default' config file options, I found this chart. http://www.ipamworldwide.com/component/content/article/48-dns-isc/98-bind-973-options.html It does not take the place of the ARM but seems helpful. Enjoy John Manson CAO/HIR/NAF Data-Communications | U.S. House of Representatives | Washington, DC 20515 Desk: 202-226-4244 | TCC: 202-226-6430 | john.man...@mail.house.gov ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: about the wild record
Thanks for all your helps. Have a nice day. 于 2012-10-16 2:02, Chris Buxton 写道: On Oct 15, 2012, at 6:16 AM, pa...@riseup.net wrote: no SOA for test.cloudns.tk IMO. see: You have confused domain with zone. You have a zone named 'cloudns.tk.'. A zone is also a domain. Within that domain, you have the following subdomains (that you have mentioned): test.cloudns.tk. s1.test.cloudns.tk. *.cloudns.tk. All of these domain names are the apexes of domains. None of those domains are broken out (delegated) as zones (with SOA records). What everyone so far has been trying to tell you is, even though you have no records named 'test.cloudns.tk.', its existence as a domain name is implied by the existence the child, 's1.test.cloudns.tk.'. Therefore, the wildcard will not match queries for those two domain names. Nor will it match any other domain names within those two domains -- you would need A records for the following names to cover all of the names other than s1.test: test.cloudns.tk. *.test.cloudns.tk. *.s1.test.cloudns.tk. Chris Buxton BlueCat Networks ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
